Checking Ingested Data in Log Analytics Workspace

Alert data ingested by Azure Sentinel is stored in Log Analytics workspaces.

Important:

An empty Log Analytics workspace indicates that no new alerts were created after the connector was successfully deployed. The connector does not pull preexisting alert data from Trend Micro Vision One.

  1. Go to Log Analytics workspaces > {your_workspace} > General > Logs.
  2. In the Tables tab, under Custom Logs, verify that the TrendMicro_XDR_CL table exists.

    This table should exist if alerts were created in Trend Micro Vision One after the connector was successfully deployed.

  3. Click Run to run the query and view the data.